[Console] Fixed a vulnerability into the 'fgraph.php' script
parent
64ec82f9d6
commit
849eba10d4
|
@ -32,8 +32,6 @@ var SIZE_GRID = 16; //Const the size (for width and height) of grid.
|
||||||
var img_handler_start;
|
var img_handler_start;
|
||||||
var img_handler_end;
|
var img_handler_end;
|
||||||
|
|
||||||
var font;
|
|
||||||
|
|
||||||
function toggle_advance_options_palette(close) {
|
function toggle_advance_options_palette(close) {
|
||||||
if ($("#advance_options").css('display') == 'none') {
|
if ($("#advance_options").css('display') == 'none') {
|
||||||
$("#advance_options").css('display', '');
|
$("#advance_options").css('display', '');
|
||||||
|
@ -58,23 +56,6 @@ function visual_map_main() {
|
||||||
img_handler_end = data;
|
img_handler_end = data;
|
||||||
});
|
});
|
||||||
|
|
||||||
//Get the actual system font.
|
|
||||||
parameter = Array();
|
|
||||||
parameter.push ({name: "page", value: "include/ajax/visual_console_builder.ajax"});
|
|
||||||
parameter.push ({name: "action", value: "get_font"});
|
|
||||||
parameter.push ({name: "id_visual_console",
|
|
||||||
value: id_visual_console});
|
|
||||||
jQuery.ajax({
|
|
||||||
url: get_url_ajax(),
|
|
||||||
data: parameter,
|
|
||||||
type: "POST",
|
|
||||||
dataType: 'json',
|
|
||||||
success: function (data)
|
|
||||||
{
|
|
||||||
font = data['font'];
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
//Get the list of posible parents
|
//Get the list of posible parents
|
||||||
parents = Base64.decode($("input[name='parents_load']").val());
|
parents = Base64.decode($("input[name='parents_load']").val());
|
||||||
parents = eval("(" + parents + ")");
|
parents = eval("(" + parents + ")");
|
||||||
|
@ -1912,9 +1893,9 @@ function setPercentileBar(id_data, values) {
|
||||||
value_text = module_value + " " + unit_text;
|
value_text = module_value + " " + unit_text;
|
||||||
}
|
}
|
||||||
|
|
||||||
var img = url_hack_metaconsole + 'include/graphs/fgraph.php?homeurl=../../&graph_type=progressbar&height=15&' +
|
var img = url_hack_metaconsole + 'include/graphs/fgraph.php?graph_type=progressbar&height=15&' +
|
||||||
'width=' + width_percentile + '&mode=1&progress=' + percentile +
|
'width=' + width_percentile + '&mode=1&progress=' + percentile +
|
||||||
'&font=' + font + '&value_text=' + value_text + '&colorRGB=' + colorRGB;
|
'&value_text=' + value_text + '&colorRGB=' + colorRGB;
|
||||||
|
|
||||||
$("#"+ id_data).attr('src', img);
|
$("#"+ id_data).attr('src', img);
|
||||||
|
|
||||||
|
@ -2035,9 +2016,9 @@ function setPercentileBubble(id_data, values) {
|
||||||
value_text = module_value + " " + unit_text;
|
value_text = module_value + " " + unit_text;
|
||||||
}
|
}
|
||||||
|
|
||||||
var img = url_hack_metaconsole + 'include/graphs/fgraph.php?homeurl=../../&graph_type=progressbubble&height=' + width_percentile + '&' +
|
var img = url_hack_metaconsole + 'include/graphs/fgraph.php?graph_type=progressbubble&height=' + width_percentile + '&' +
|
||||||
'width=' + width_percentile + '&mode=1&progress=' + percentile +
|
'width=' + width_percentile + '&mode=1&progress=' + percentile +
|
||||||
'&font=' + font + '&value_text=' + value_text + '&colorRGB=' + colorRGB;
|
'&value_text=' + value_text + '&colorRGB=' + colorRGB;
|
||||||
|
|
||||||
$("#image_" + id_data).attr('src', img);
|
$("#image_" + id_data).attr('src', img);
|
||||||
|
|
||||||
|
|
|
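Review bot: In setPercentileBar and setPercentileBubble the values that remain in the fgraph.php URL are still concatenated raw; `value_text` is built as `module_value + " " + unit_text`, so a unit containing `&`, `#` or `%` would truncate or corrupt the query string. Encode each interpolated value, e.g. `'&value_text=' + encodeURIComponent(value_text) + '&colorRGB=' + encodeURIComponent(colorRGB)`, and do the same for `percentile` and `width_percentile`. The context of the first hunk also still runs `eval("(" + parents + ")")` on the Base64-decoded `parents_load` field; if that value is JSON, `JSON.parse(parents)` would avoid evaluating page data as code. Both setPercentile* functions begin outside their hunks.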
@ -2457,10 +2457,10 @@ function progress_bar($progress, $width, $height, $title = '', $mode = 1, $value
|
||||||
require_once("include_graph_dependencies.php");
|
require_once("include_graph_dependencies.php");
|
||||||
include_graphs_dependencies($config['homedir'].'/');
|
include_graphs_dependencies($config['homedir'].'/');
|
||||||
$src = ui_get_full_url(
|
$src = ui_get_full_url(
|
||||||
"/include/graphs/fgraph.php?homeurl=../../&graph_type=progressbar" .
|
"/include/graphs/fgraph.php?graph_type=progressbar" .
|
||||||
"&width=".$width."&homedir=".$config['homedir']."&height=".$height."&progress=".$progress.
|
"&width=".$width."&height=".$height."&progress=".$progress.
|
||||||
"&mode=" . $mode . "&out_of_lim_str=".$out_of_lim_str .
|
"&mode=" . $mode . "&out_of_lim_str=".$out_of_lim_str .
|
||||||
"&title=".$title."&font=".$config['fontpath']."&value_text=". $value_text .
|
"&title=".$title."&value_text=". $value_text .
|
||||||
"&colorRGB=". $colorRGB, false, false, false
|
"&colorRGB=". $colorRGB, false, false, false
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -2492,10 +2492,10 @@ function progress_bubble($progress, $width, $height, $title = '', $mode = 1, $va
|
||||||
include_graphs_dependencies($config['homedir'].'/');
|
include_graphs_dependencies($config['homedir'].'/');
|
||||||
|
|
||||||
return "<img title='" . $title . "' alt='" . $title . "'" .
|
return "<img title='" . $title . "' alt='" . $title . "'" .
|
||||||
" src='" . $config['homeurl'] . $hack_metaconsole . "/include/graphs/fgraph.php?homeurl=../../&graph_type=progressbubble" .
|
" src='" . $config['homeurl'] . $hack_metaconsole . "/include/graphs/fgraph.php?graph_type=progressbubble" .
|
||||||
"&width=".$width."&height=".$height."&progress=".$progress.
|
"&width=".$width."&height=".$height."&progress=".$progress.
|
||||||
"&mode=" . $mode . "&out_of_lim_str=".$out_of_lim_str .
|
"&mode=" . $mode . "&out_of_lim_str=".$out_of_lim_str .
|
||||||
"&title=".$title."&font=".$config['fontpath']."&value_text=". $value_text .
|
"&title=".$title."&value_text=". $value_text .
|
||||||
"&colorRGB=". $colorRGB . "' />";
|
"&colorRGB=". $colorRGB . "' />";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
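Review bot: progress_bar and progress_bubble still concatenate `$width`, `$height`, `$progress`, `$title`, `$value_text` and `$colorRGB` into the fgraph.php query string without `urlencode()`, so a title or value text containing `&`, `#` or `%` produces a malformed request, and progress_bubble additionally places `$title` inside `title='...'`/`alt='...'` attributes unescaped, where a single quote breaks out of the attribute. Wrap each query value, e.g. `"&title=" . urlencode($title) . "&value_text=" . urlencode($value_text)`, and escape the attribute with `htmlspecialchars($title, ENT_QUOTES)` (or the project's own HTML-escaping helper if titles are stored pre-encoded). `$hack_metaconsole` is used in the src attribute but not defined in the visible lines; presumably it is set earlier in the function. Both functions begin outside their hunks.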
@ -10,48 +10,29 @@
|
||||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
// GNU General Public License for more details.
|
// GNU General Public License for more details.
|
||||||
|
|
||||||
$ttl = 1;
|
|
||||||
$homeurl = '';
|
|
||||||
|
|
||||||
if (isset($_GET['homeurl'])) {
|
|
||||||
$homeurl = $_GET['homeurl'];
|
|
||||||
}
|
|
||||||
else $homeurl = '';
|
|
||||||
|
|
||||||
$homeurl = ((bool)filter_var($homeurl, FILTER_VALIDATE_URL) == 1) ? '' : $homeurl;
|
|
||||||
|
|
||||||
if (isset($_GET['ttl'])) {
|
|
||||||
$ttl = $_GET['ttl'];
|
|
||||||
}
|
|
||||||
else $ttl_param = 1;
|
|
||||||
|
|
||||||
if (isset($_GET['graph_type'])) {
|
|
||||||
$graph_type = $_GET['graph_type'];
|
|
||||||
}
|
|
||||||
else $graph_type = '';
|
|
||||||
|
|
||||||
//$graph_type = get_parameter('graph_type', '');
|
|
||||||
//$ttl_param = get_parameter('ttl', 1);
|
|
||||||
//$homeurl_param = get_parameter('homeurl', '');
|
|
||||||
|
|
||||||
// Turn on output buffering.
|
// Turn on output buffering.
|
||||||
// The entire buffer will be discarded later so that any accidental output
|
// The entire buffer will be discarded later so that any accidental output
|
||||||
// does not corrupt images generated by fgraph.
|
// does not corrupt images generated by fgraph.
|
||||||
ob_start ();
|
ob_start();
|
||||||
|
|
||||||
|
global $config;
|
||||||
|
|
||||||
|
if (empty($config['homedir'])) {
|
||||||
|
require_once ('../../include/config.php');
|
||||||
|
global $config;
|
||||||
|
}
|
||||||
|
|
||||||
|
include_once($config['homedir'] . '/include/functions.php');
|
||||||
|
|
||||||
|
$ttl = get_parameter('ttl', 1);
|
||||||
|
$graph_type = get_parameter('graph_type', '');
|
||||||
|
|
||||||
if (!empty($graph_type)) {
|
if (!empty($graph_type)) {
|
||||||
$homedir = $_GET['homedir'];
|
include_once($config['homedir'] . '/include/functions_html.php');
|
||||||
if ($homedir != null) {
|
include_once($config['homedir'] . '/include/graphs/functions_gd.php');
|
||||||
$config['homedir'] = $homedir;
|
include_once($config['homedir'] . '/include/graphs/functions_utils.php');
|
||||||
}
|
include_once($config['homedir'] . '/include/graphs/functions_d3.php');
|
||||||
|
include_once($config['homedir'] . '/include/graphs/functions_flot.php');
|
||||||
include_once($homeurl . 'include/functions.php');
|
|
||||||
include_once($homeurl . 'include/functions_html.php');
|
|
||||||
|
|
||||||
include_once($homeurl . 'include/graphs/functions_gd.php');
|
|
||||||
include_once($homeurl . 'include/graphs/functions_utils.php');
|
|
||||||
include_once($homeurl . 'include/graphs/functions_d3.php');
|
|
||||||
include_once($homeurl . 'include/graphs/functions_flot.php');
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Clean the output buffer and turn off output buffering
|
// Clean the output buffer and turn off output buffering
|
||||||
|
@ -61,13 +42,12 @@ switch($graph_type) {
|
||||||
case 'histogram':
|
case 'histogram':
|
||||||
$width = get_parameter('width');
|
$width = get_parameter('width');
|
||||||
$height = get_parameter('height');
|
$height = get_parameter('height');
|
||||||
$font = get_parameter('font');
|
|
||||||
$data = json_decode(io_safe_output(get_parameter('data')), true);
|
$data = json_decode(io_safe_output(get_parameter('data')), true);
|
||||||
|
|
||||||
$max = get_parameter('max');
|
$max = get_parameter('max');
|
||||||
$title = get_parameter('title');
|
$title = get_parameter('title');
|
||||||
$mode = get_parameter ('mode', 1);
|
$mode = get_parameter ('mode', 1);
|
||||||
gd_histogram ($width, $height, $mode, $data, $max, $font, $title);
|
gd_histogram ($width, $height, $mode, $data, $max, $config['fontpath'], $title);
|
||||||
break;
|
break;
|
||||||
case 'progressbar':
|
case 'progressbar':
|
||||||
$width = get_parameter('width');
|
$width = get_parameter('width');
|
||||||
|
@ -77,7 +57,6 @@ switch($graph_type) {
|
||||||
$out_of_lim_str = io_safe_output(get_parameter('out_of_lim_str', false));
|
$out_of_lim_str = io_safe_output(get_parameter('out_of_lim_str', false));
|
||||||
$out_of_lim_image = get_parameter('out_of_lim_image', false);
|
$out_of_lim_image = get_parameter('out_of_lim_image', false);
|
||||||
|
|
||||||
$font = get_parameter('font');
|
|
||||||
$title = get_parameter('title');
|
$title = get_parameter('title');
|
||||||
|
|
||||||
$mode = get_parameter('mode', 1);
|
$mode = get_parameter('mode', 1);
|
||||||
|
@ -87,7 +66,7 @@ switch($graph_type) {
|
||||||
$value_text = get_parameter('value_text', '');
|
$value_text = get_parameter('value_text', '');
|
||||||
$colorRGB = get_parameter('colorRGB', '');
|
$colorRGB = get_parameter('colorRGB', '');
|
||||||
|
|
||||||
gd_progress_bar ($width, $height, $progress, $title, $font,
|
gd_progress_bar ($width, $height, $progress, $title, $config['fontpath'],
|
||||||
$out_of_lim_str, $out_of_lim_image, $mode, $fontsize,
|
$out_of_lim_str, $out_of_lim_image, $mode, $fontsize,
|
||||||
$value_text, $colorRGB);
|
$value_text, $colorRGB);
|
||||||
break;
|
break;
|
||||||
|
@ -99,7 +78,6 @@ switch($graph_type) {
|
||||||
$out_of_lim_str = io_safe_output(get_parameter('out_of_lim_str', false));
|
$out_of_lim_str = io_safe_output(get_parameter('out_of_lim_str', false));
|
||||||
$out_of_lim_image = get_parameter('out_of_lim_image', false);
|
$out_of_lim_image = get_parameter('out_of_lim_image', false);
|
||||||
|
|
||||||
$font = get_parameter('font');
|
|
||||||
$title = get_parameter('title');
|
$title = get_parameter('title');
|
||||||
|
|
||||||
$mode = get_parameter('mode', 1);
|
$mode = get_parameter('mode', 1);
|
||||||
|
@ -109,7 +87,7 @@ switch($graph_type) {
|
||||||
$value_text = get_parameter('value_text', '');
|
$value_text = get_parameter('value_text', '');
|
||||||
$colorRGB = get_parameter('colorRGB', '');
|
$colorRGB = get_parameter('colorRGB', '');
|
||||||
|
|
||||||
gd_progress_bubble ($width, $height, $progress, $title, $font,
|
gd_progress_bubble ($width, $height, $progress, $title, $config['fontpath'],
|
||||||
$out_of_lim_str, $out_of_lim_image, $mode, $fontsize,
|
$out_of_lim_str, $out_of_lim_image, $mode, $fontsize,
|
||||||
$value_text, $colorRGB);
|
$value_text, $colorRGB);
|
||||||
break;
|
break;
|
||||||
|
|
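Review bot: After the `require_once ('../../include/config.php')` fallback, the new code uses `$config['homedir']` unconditionally, so if config.php does not populate it the includes degrade to `/include/functions.php` and the script keeps running in a broken environment; add a hard stop after the require, `if (empty($config['homedir'])) { exit; }`. The fallback path should also be anchored to the script rather than the process working directory, `require_once (__DIR__ . '/../../include/config.php');`, since a leading `../../` is resolved against the current working directory, which is only coincidentally the script's directory under a web server. The two `global $config;` statements at file scope are no-ops (top-level variables are already global) and can be dropped. Further down, `$width` and `$height` still reach the gd_* renderers straight from get_parameter(); casting them to int and capping them would bound the memory an attacker can make the image allocation consume.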